You raise some very good and very important points here. But one very big security threat that keeps getting overlooked is - your users.
Either knowingly or unwittingly, many of your system users are a very real threat to the security of the machine. From the most extreme simple things like: do they write down their passwords on a big Post-it note by their computer? Do they remember to log off at all? Do they tinker around and write their own CGI applications on your system without you knowing? And does this CGI program that you don't know about run Matt's Free Guestbook for everyone in Sales? Does the MD allow her 15-year-old hacker son to play around on the laptop from home?
IBM are running a good ad campaign at the moment highlighting this fact. They say something along the lines of "You've turned off all your unused ports and services. You've got the best firewall going, but are you protected from Rose in Accounts?"
Physical security is as paramount as virtual/connection security. Is your box locked under key? Do you have 24/7 surveillance on the box by cameras, anti-tamper devices, etc.? Of course, how far you want to take this depends on how much you value your data.
I just think these are highly important points people should be more aware of, and I constantly strive to bring these points further up our security agenda in work.
Update: kudos to cjf for reminding me of the name of the woman in Accounts - Rose. :)
In reply to (wil) Re: Security matters: keep thy doors closed!